Endesa: Spanish energy giant Endesa discloses data breach affecting customers

Endesa and Energía XXI Report Data Breach Affecting Millions of Customers

Spanish energy provider Endesa and its subsidiary Energía XXI have disclosed a data breach involving unauthorized access to customer contract information. The incident, detected on an unspecified date, exposed personal and financial details of affected clients, though no account passwords were compromised.

Scope and Impact
Endesa, Spain’s largest electric utility company under the Enel Group, serves over 22 million customers across Spain and Portugal. The breach targeted its commercial platform, with hackers accessing:

• Basic identification details (names, addresses)
• Contact information (phone numbers, emails)
• National identity numbers (DNI)
• Contract and payment details, including IBANs

While the company states there is no current evidence of fraudulent data misuse, it acknowledges potential risks, including identity theft and phishing attacks. Endesa has notified Spain’s Data Protection Agency and relevant authorities, implementing heightened monitoring and blocking compromised internal accounts.

Ongoing Investigation and Threat Actor Claims
The breach’s full extent remains under investigation, with Endesa pledging to notify affected customers as new details emerge. Meanwhile, threat actors have advertised a purported 1TB database of Endesa customer records allegedly 20 million entries for sale to a single buyer. The samples align with the data types Endesa confirmed were accessed, though the company has not verified the hackers’ claims.

Energía XXI has assured customers that operations and services remain unaffected, with no disruption to energy distribution. The company continues to analyze logs and reinforce security measures.

Source: https://www.bleepingcomputer.com/news/security/spanish-energy-giant-endesa-discloses-data-breach-affecting-customers/

Endesa cybersecurity rating report: https://www.rankiteo.com/company/endesa

"id": "END1768237930",
"linkid": "endesa",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '10 million+ (Energía XXI '
                                              'customers)',
                        'industry': 'Energy',
                        'location': 'Spain, Portugal',
                        'name': 'Endesa',
                        'size': '22 million clients',
                        'type': 'Energy Utility Company'}],
 'customer_advisories': 'Customers notified to monitor for fraudulent activity '
                        'and report suspicious incidents.',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': 'SQL databases',
                 'number_of_records_exposed': '20 million (alleged)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII, financial data)',
                 'type_of_data_compromised': ['Basic identification details',
                                              'Contact information',
                                              'National identity numbers (DNI)',
                                              'Contract details',
                                              'Payment details (IBANs)']},
 'description': 'Spanish energy provider Endesa and its Energía XXI operator '
                "notified customers that hackers accessed the company's "
                'systems and accessed contract-related information, including '
                'personal details. The investigation indicates unauthorized '
                'access to basic identification details, contact information, '
                'national identity numbers (DNI), contract details, and '
                'payment details (including IBANs).',
 'impact': {'data_compromised': 'Basic identification details, contact '
                                'information, national identity numbers (DNI), '
                                'contract details, payment details (IBANs)',
            'identity_theft_risk': 'High (identity impersonation, phishing '
                                   'attacks)',
            'operational_impact': 'No impact on operations or services',
            'payment_information_risk': 'High (IBANs exposed)',
            'systems_affected': 'Commercial platform'},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial Gain (Data for Sale)',
 'recommendations': 'Customers urged to be vigilant for identity '
                    'impersonation, data theft, and phishing attacks; report '
                    'suspicious activity.',
 'references': [{'source': 'BleepingComputer'}],
 'regulatory_compliance': {'regulatory_notifications': ['Spanish Data '
                                                        'Protection Agency',
                                                        'Pertinent '
                                                        'authorities']},
 'response': {'communication_strategy': 'Public disclosure, direct customer '
                                        'notifications',
              'containment_measures': 'Blocked access to compromised internal '
                                      'accounts, dumped log records for '
                                      'analysis',
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'remediation_measures': 'Notifying affected customers, elevated '
                                      'monitoring for suspicious activity'},
 'title': 'Unauthorized Access to Endesa and Energía XXI Customer Data',
 'type': 'Data Breach'}